1109 matches found
USN-2868-1 DHCP vulnerability | Cloud Foundry
USN-2868-1 DHCP vulnerability Medium Vendor DHCP Versions Affected Ubuntu 14.04 Description Sebastian Poehn discovered that the DHCP server, client, and relay incorrectly handled certain malformed UDP packets. A remote attacker could use this issue to cause the DHCP server, client, or relay to st...
USN-2865-1 GnuTLS vulnerability | Cloud Foundry
USN-2865-1 GnuTLS vulnerability Medium Vendor GnuTLS Versions Affected Ubuntu 14.04 Description Karthikeyan Bhargavan and Gaetan Leurent discovered that GnuTLS incorrectly allowed MD5 to be used for TLS 1.2 connections. If a remote attacker were able to perform a man-in-the-middle attack, this fl...
CVE-2016-0708 Remote Information Disclosure | Cloud Foundry
CVE-2016-0708 Remote Information Disclosure Critical Vendor Cloud Foundry Foundation Versions Affected Cloud Foundry v166 through v227 Cloud Foundry Java Buildpack v2.0 through v3.4 Description Applications deployed to Cloud Foundry may be vulnerable to a remote disclosure of information,...
USN-2830-1 OpenSSL vulnerability | Cloud Foundry
USN-2830-1 OpenSSL vulnerability Medium Vendor OpenSSL Versions Affected Ubuntu 14.04 Description Loïc Jonas Etienne discovered that OpenSSL incorrectly handled ASN.1 signatures with a missing PSS parameter. A remote attacker could possibly use this issue to cause OpenSSL to crash, resulting in a...
USN-2834-1 libxml2 vulnerability | Cloud Foundry
USN-2834-1 libxml2 vulnerability Medium Vendor libxml2 Versions Affected Ubuntu 14.04 Description Kostya Serebryany discovered that libxml2 incorrectly handled certain malformed documents. If a user or automated system were tricked into opening a specially crafted document, an attacker could...
USN-2842-1/USN-2842-2 Linux kernel vulnerability | Cloud Foundry
USN-2842-1/USN-2842-2 Linux kernel vulnerability Medium Vendor Linux kernel Versions Affected Ubuntu 14.04 Description Jan Beulich discovered that the KVM svm hypervisor implementation in the Linux kernel did not properly catch Debug exceptions on AMD processors. An attacker in a guest virtual...
USN-2836-1 grub2 vulnerability | Cloud Foundry
USN-2836-1 grub2 vulnerability Medium Vendor grub2 Versions Affected Ubuntu 14.04 Description Hector Marco and Ismael Ripoll discovered that GRUB incorrectly handled the backspace key when configured to use authentication. A local attacker could use this issue to bypass GRUB password protection...
USN-2857-1 Linux kernel vulnerability | Cloud Foundry
USN-2857-1 Linux kernel vulnerability High Vendor Linux kernel Versions Affected Ubuntu 14.04 Description Nathan Williams discovered that overlayfs in the Linux kernel incorrectly handled setattr operations. A local unprivileged attacker could use this to create files with administrative permissi...
USN-2837-1 bind9 vulnerability | Cloud Foundry
USN-2837-1 bind9 vulnerability Medium Vendor bind9 Versions Affected Ubuntu 14.04 Description It was discovered that Bind incorrectly handled responses with malformed class attributes. A remote attacker could use this issue to cause Bind to crash, resulting in a denial of service. The Cloud Found...
USN-2829-1 Linux kernel vulnerability | Cloud Foundry
USN-2829-1 Linux kernel vulnerability Medium Vendor Linux kernel Versions Affected Ubuntu 14.04 Description It was discovered that the SCTP protocol implementation in the Linux kernel performed an incorrect sequence of protocol-initialization steps. A local attacker could use this to cause a deni...
USN-2835-1 git vulnerability | Cloud Foundry
USN-2835-1 git vulnerability Medium Vendor git Versions Affected Ubuntu 14.04 Description Blake Burkhart discovered that the Git git-remote-ext helper incorrectly handled recursive clones of git repositories. A remote attacker could possibly use this issue to execute arbitrary code by injecting...
CVE-2015-5350 Garden Nstar vulnerability | Cloud Foundry
CVE-2015-5350 Garden Nstar vulnerability High Vendor Cloud Foundry Foundation Versions Affected Garden versions 0.22.0-0.329.0 Description A vulnerability has been discovered in the garden-linux nstar executable that allows access to files on the host system. By staging an application on Cloud...
USN-2820-1 GnuTLS vulnerability | Cloud Foundry
USN-2820-1 GnuTLS vulnerability High Vendor GnuTLS Versions Affected Ubuntu 14.04 Description It was discovered that GnuTLS incorrectly validated the first byte of padding in CBC modes. A remote attacker could possibly use this issue to perform a padding oracle attack. The Cloud Foundry project...
USN-2820-1 dpkg vulnerability | Cloud Foundry
USN-2820-1 dpkg vulnerability Medium Vendor dpkg Versions Affected Ubuntu 14.04 Description Hanno Boeck discovered that the dpkg-deb tool incorrectly handled certain old style Debian binary packages. If a user or an automated system were tricked into unpacking a specially crafted binary package, ...
USN-2810-1 Kerberos vulnerability | Cloud Foundry
USN-2810-1 Kerberos vulnerability Medium Vendor Kerberos Versions Affected Ubuntu 14.04 Description It was discovered that Kerberos incorrectly handled null bytes in certain data fields. A remote attacker could possibly use this issue to cause a denial of service. It was discovered that the...
USN-2787-1 audiofile vulnerability | Cloud Foundry
USN-2787-1 audiofile vulnerability Medium Vendor audiofile Versions Affected Ubuntu 14.04 Description Fabrizio Gennari discovered that audiofile incorrectly handled changing both the sample format and the number of channels. If a user or automated system were tricked into processing a specially...
USN-2815-1 PNG vulnerability | Cloud Foundry
USN-2815-1 PNG vulnerability Medium Vendor PNG Versions Affected Ubuntu 14.04 Description Qixue Xiao discovered that libpng incorrectly handled certain time values. If a user or automated system using libpng were tricked into opening a specially crafted image, an attacker could exploit this to...
USN-2812-1 libxml2 vulnerability | Cloud Foundry
USN-2812-1 libxml2 vulnerability Medium Vendor libxml2 Versions Affected Ubuntu 14.04 Description Florian Weimer discovered that libxml2 incorrectly handled certain XML data. If a user or automated system were tricked into opening a specially crafted document, an attacker could possibly cause...
USN-2788-1 and USN-2788-2 unzip vulnerability | Cloud Foundry
USN-2788-1 and USN-2788-2 unzip vulnerability Medium Vendor unzip Versions Affected Ubuntu 14.04 Description Gustavo Grieco discovered that unzip incorrectly handled certain password protected archives. If a user or automated system were tricked into processing a specially crafted zip archive, an...
USN-2806-1 Linux kernel vulnerability | Cloud Foundry
USN-2806-1 Linux kernel vulnerability High Vendor Vivid Versions Affected Ubuntu 14.04 Description Ben Serebrin discovered that the KVM hypervisor implementation in the Linux kernel did not properly catch Alignment Check exceptions. An attacker in a guest virtual machine could use this to cause a...
USN-2798-1 Linux kernel vulnerability | Cloud Foundry
USN-2798-1 Linux kernel vulnerability Medium Vendor Vivid Versions Affected Ubuntu 14.04 Description It was discovered that in certain situations, a directory could be renamed outside of a bind mounted location. An attacker could use this to escape bind mount containment and gain access to...
USN-2767-1 GDK-Pixbuf library vulnerability | Cloud Foundry
USN-2767-1 GDK-Pixbuf library vulnerability Medium Vendor GDK Pixbuf Versions Affected Ubuntu 14.04 Description Gustavo Grieco discovered that the GDK-PixBuf library did not properly handle scaling tga image files, leading to a heap overflow. If a user or automated system were tricked into openin...
USN-2778-1 Linux kernel vulnerabilities | Cloud Foundry
USN-2778-1 Linux kernel vulnerabilities Medium Vendor Vivid Versions Affected Ubuntu 14.04 Description It was discovered that the Linux kernel did not check if a new IPv6 MTU set by a user space application was valid. A remote attacker could forge a route advertisement with an invalid MTU that a...
USN-2722-1 GDK-PixBuf Vulnerabilities | Cloud Foundry
USN-2722-1 GDK-PixBuf Vulnerabilities Medium Vendor Canonical Ubuntu Versions Affected libgdk-pixbuf2.0-0 2.30.7-0ubuntu1.1 Description It was discovered that GDK-PixBuf incorrectly handled scaling bitmap images. If a user or automated system were tricked into opening a BMP image file, a remote...
USN-2756-1 rpcbind Vulnerability | Cloud Foundry
USN-2756-1 rpcbind Vulnerability Medium Vendor Canonical Ubuntu Versions Affected Canonical Ubuntu 14.04 LTS Description rpcbind could be made to crash or run programs if it received specially crafted network traffic. It was discovered that rpcbind incorrectly handled certain memory structures. A...
USN-2740-1 ICU Vulnerabilities | Cloud Foundry
USN-2740-1 ICU Vulnerabilities Medium to Low Vendor Canonical Ubuntu Versions Affected icu – International Components for Unicode library Description Atte Kettunen discovered that ICU incorrectly handled certain converter names. If an application using ICU processed crafted data, a remote attacke...
USN-2765-1 Linux Kernel (Vivid HWE) Vulnerability | Cloud Foundry
USN-2765-1 Linux Kernel Vivid HWE Vulnerability High Vendor Canonical Ubuntu Versions Affected Canonical Ubuntu 14.04 LTS Description It was discovered that the Linux kernel did not properly initialize IPC object state in certain situations. A local attacker could use this to escalate their...
USN-2751-1 Linux Kernel (Vivid HWE) Vulnerability | Cloud Foundry
USN-2751-1 Linux Kernel Vivid HWE Vulnerability Medium to Low Vendor Canonical Ubuntu Versions Affected Canonical Ubuntu 14.04 LTS Description Several security issues were fixed in the kernel. Benjamin Randazzo discovered an information leak in the md multiple device driver when the bitmapinfo.fi...
USN-2711-1 Net-SNMP Vulnerabilities | Cloud Foundry
USN-2711-1 Net-SNMP Vulnerabilities Low to Medium Vendor Canonical Ubuntu Versions Affected libsnmp30 5.7.2dfsg-8.1ubuntu3.1 Description Net-SNMP could be made to crash or run programs if it received specially crafted network traffic. It was discovered that Net-SNMP incorrectly handled certain tr...
Golang 1.4.3 CVE Fixes | Cloud Foundry
Golang 1.4.3 CVE Fixes Low Vendor Google Versions Affected Golang v1.4.2 and lower Description Several security issues were fixed in Go’s net / http package. The CVE issue descriptions and fixes are linked below: CVE-2015-5739 – ‘Content Length’ treated as valid header:...
USN-2739-1 FreeType Vulnerabilities | Cloud Foundry
USN-2739-1 FreeType Vulnerabilities Medium Vendor Canonical Ubuntu Versions Affected libfreetype6 2.5.2-1ubuntu2.5 – FreeType 2 is a font engine library Description It was discovered that FreeType did not correctly handle certain malformed font files. If a user were tricked into using a specially...
USN-2718-1 Address Configuration Change Vulnerabilities | Cloud Foundry
USN-2718-1 Address Configuration Change Vulnerabilities Medium Vendor Vivid Versions Affected Ubuntu 14.04 Description Marcelo Ricardo Leitner discovered a race condition in the Linux kernel’s SCTP address configuration lists when using Address Configuration Change ASCONF options on a socket. An...
USN-2694-1 PCRE Vulnerabilities | Cloud Foundry
USN-2694-1 PCRE Vulnerabilities Medium Vendor Perl 5 Versions Affected Ubuntu 14.04 Description Michele Spagnuolo discovered that PCRE incorrectly handled certain regular expressions. A remote attacker could use this issue to cause applications using PCRE to crash, resulting in a denial of servic...
USN-2710-1 OpenSSH Vulnerabilities | Cloud Foundry
USN-2710-1 OpenSSH Vulnerabilities Medium Vendor OpenSSH Versions Affected Ubuntu 14.04 Description Moritz Jodeit discovered that OpenSSH incorrectly handled usernames when using PAM authentication. If an additional vulnerability were discovered in the OpenSSH unprivileged child process, this iss...
USN-2698-1 SQLite Vulnerabilities | Cloud Foundry
USN-2698-1 SQLite Vulnerabilities Medium Vendor SQLite Versions Affected Ubuntu 14.04 Description It was discovered that SQLite incorrectly handled skip-scan optimization. An attacker could use this issue to cause applications using SQLite to crash, resulting in a denial of service, or possibly...
USN-2696-1 OpenJDK 7 Vulnerabilities | Cloud Foundry
USN-2696-1 OpenJDK 7 Vulnerabilities Medium Vendor Canonical Ubuntu Versions Affected openjdk-7 – Open Source Java implementation Description Several security issues were fixed in OpenJDK 7. Affected Products and Versions Severity is medium unless otherwise noted. Ruby buildpack versions 1.6.1 an...
CVE-2015-3290 Linux Kernel NMI Vulnerability | Cloud Foundry
CVE-2015-3290 Linux Kernel NMI Vulnerability High Vendor Canonical Ubuntu Versions Affected Canonical Ubuntu – Kernel 3.19 Description A flaw was found in Linux kernel’s handling of nested non-maskable interrupts NMIs. This flaw could allow an unprivileged local user to escalate their privileges ...
CVE-2015-1420 file_handle size verification | Cloud Foundry
CVE-2015-1420 filehandle size verification Medium Vendor Ubuntu Versions Affected Ubuntu 14.04 Description A race condition was discovered in the Linux kernel’s filehandle size verification. A local user could exploit this flaw to read potentially sensitive memory locations. The Cloud Foundry...
CVE-2015-1330 Unattended-Upgrades Vulnerability | Cloud Foundry
CVE-2015-1330 Unattended-Upgrades Vulnerability Medium Vendor Canonical Ubuntu Versions Affected Canonical Ubuntu 14.04 LTS Description It was found that for some configurations, unattended-upgrades would not properly perform authentication checks on packages prior to installation. An attacker...
CVE-2015-3190 - Open redirect on Login | Cloud Foundry
CVE-2015-3190 – Open redirect on Login Low Vendor Cloud Foundry Foundation Versions Affected cf-release versions prior to v210 UAA versions prior to 2.3.0 Description The UAA logout link is susceptible to an open redirect which allows an attacker to insert malicious web page as a redirect...
CVE-2015-3189 - Expire old reset password links | Cloud Foundry
CVE-2015-3189 – Expire old reset password links Low Vendor Cloud Foundry Foundation Versions Affected cf-release versions prior to v209 UAA versions prior to 2.2.6 Description Old Password Reset Links are not expired after the user changes their current email address to a new one. This...
CVE-2015-3191 - CSRF attack on change email | Cloud Foundry
CVE-2015-3191 – CSRF attack on change email Low Vendor Cloud Foundry Foundation Versions Affected cf-release versions prior to v210 UAA versions prior to 2.3.0 Description The changeemail form in UAA is vulnerable to a CSRF attack. This allows an attacker to trigger an e-mail change for a user...
CVE-2015-1328 - overlayfs privilege escalation | Cloud Foundry
CVE-2015-1328 – overlayfs privilege escalation High Vendor Canonical Ubuntu Versions Affected Canonical Ubuntu 14.04 LTS with 3.16 kernel Description Philip Pettersson discovered a privilege escalation when using overlayfs mounts inside of user namespaces. A local user could exploit this flaw to...
USN-2639-1 OpenSSL vulnerabilities | Cloud Foundry
USN-2639-1 OpenSSL vulnerabilities Medium Vendor OpenSSL Versions Affected Ubuntu 14.04 Description It was discovered that OpenSSL incorrectly handled memory when buffering DTLS data. A remote attacker could use this issue to cause OpenSSL to crash, resulting in a denial of service, or possibly...
CVE-2015-3636 - ipv4 use-after-free | Cloud Foundry
CVE-2015-3636 – ipv4 use-after-free Medium Vendor Ubuntu Versions Affected Ubuntu 14.04 Description A use-after-free flaw was discovered in the Linux kernel’s ipv4 ping support. A local user could exploit this flaw to gain administrative privileges on the system. The Cloud Foundry project is...
Redis LUA Exploit | Cloud Foundry
Redis LUA Exploit High Vendor Redis Versions Affected Redis 3.0.1 or older Redis 2.8.20 or older Redis 2.6.x Description It was discovered that it is possible to break out of the LUA sandbox in Redis and execute arbitrary code. The user must have access to the Redis process to connect and execute...
CVE-2015-1834 - Path Traversal Vulnerability | Cloud Foundry
CVE-2015-1834 – Path Traversal Vulnerability Moderate Vendor Cloud Foundry Foundation Versions Affected cf-release versions prior to v208 Description A path traversal vulnerability was identified in the Cloud Foundry component Cloud Controller. Path traversal is the ‘outbreak’ of a given director...
CVE-2015-1855 Ruby OpenSSL Hostname Verification | Cloud Foundry
CVE-2015-1855 Ruby OpenSSL Hostname Verification Moderate Vendor N/A Versions Affected Ruby OpenSSL Hostname Verification Description Ruby’s OpenSSL extension suffers a vulnerability through overly permissive matching of hostnames, which can lead to similar bugs such as CVE-2014-1492. This...
CVE-2015-0282 Multiple GnuTLS Vulnerabilities | Cloud Foundry
CVE-2015-0282 Multiple GnuTLS Vulnerabilities Medium Vendor Canonical Ubuntu Versions Affected Canonical Ubuntu 10.04 LTS and 14.04 LTS Description Several security issues were fixed in GnuTLS. This issue only affects versions of GnuTLS prior to 3.1.0 released in 2012. These versions don’t verify...
USN-2537-1: OpenSSL vulnerabilities | Cloud Foundry
USN-2537-1: OpenSSL vulnerabilities Low to High Vendor Canonical Ubuntu Versions Affected Canonical Ubuntu 14.10, 10.04 LTS and 14.04 LTS Description Several Low-to-High severity vulnerabilities impacting the versions of Ubuntu Linux included in the Cloud Foundry Stemcell and Runtime have been...